The 2015 infamous Java unserialize vulnerability

> Hi,
>
> I thought I warned all our users to take care about "The 2015 infamous
> Java unserialize vulnerability" as I called it when I created
> https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure 
> 2 months ago.
> But it only reached the dev ML so this mail to warn you about this
> vulnerability we have still in OFBiz.
>
> We have it because of the Groovy version we use
> https://issues.apache.org/jira/browse/OFBIZ-6568. And you are also
> vulnerable if you use RMI or/and JMX
> You can protect your OFBiz instance/s by following the "Be safe!"
> warning in the wiki page above. We use that in the demos for 2 months.
>
> Be safe!
>
> Jacques

> Hi,
>
> I thought I warned all our users to take care about "The 2015 infamous
> Java unserialize vulnerability" as I called it when I created
> https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure 
> 2 months ago.
> But it only reached the dev ML so this mail to warn you about this
> vulnerability we have still in OFBiz.
>
> We have it because of the Groovy version we use
> https://issues.apache.org/jira/browse/OFBIZ-6568. And you are also
> vulnerable if you use RMI or/and JMX
> You can protect your OFBiz instance/s by following the "Be safe!"
> warning in the wiki page above. We use that in the demos for 2 months.
>
> Be safe!
>
> Jacques